Cyber Security Awareness and Vulnerabilities Blog

RSS

SecureAuth and Core Security have been monitoring the evolving situation with “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715) – the recently disclosed processor (CPU) vulnerabilities. Our team has not detected any current impact to customer implementations at this time. We have already initiated…

Read More

It’s the start of a new year. A time where it’s normal for businesses to look at what worked, what didn’t and what to start or stop. With those conversations happening, it’s just as important to discuss this from a security perspective. Looking back,…

Read More

In today’s connected world there are too many devices and too many networks to protect and cyber criminals are more sophisticated than ever. The 2017 threat landscape proved that no one is immune to cyber attacks. But can we take the cybersecurity mistakes…

Read More

While working on the NVIDIA DxgDdiEscape Handler exploit, it became obvious that The GDI primitives approach discussed the last couple of years would be of no help to reliably exploit this vulnerability. So we came up with another solution: We could map some specially chosen virtual addresses,…

Read More

                In this quick tips and tricks video, you will learn how to launch a remote shell using WMI in Core Impact. Follow the steps in the video to learn how you can do this in your…

Read More

More than 1,800 delegates from companies around the globe converged last week in Las Vegas for Gartner’s annual Identity and Access Management (IAM) Summit. Gartner IAM is unique in that it is solely focused on identity and access management rather than covering all…

Read More

So you’re using Core Access Assurance Suite (AAS). Maybe you’ve been using it for a while and have a routine down – but there may be ways to make your experience with this program even better. Every now and then it’s important to reassess…

Read More

We celebrate the holidays with shopping, gift giving and spending quality time with friends and family. However, when January rolls around and your employees are back in the office it’s likely that they will arrive with a shiny new toy or two. In the…

Read More

Here is the summary of all of the exploits and updates shipped to Impact 2017 R2 since Sept 26th (the last Dot release): 17 Updates overall 9 Remote Exploits 3 Client-Side Exploits 4 Local Exploits 1 Product update   Here is the list of the published modules: Remote Exploits: Trend Micro Mobile…

Read More

2017 has brought a world of new cyber threats, from sophisticated ransomware attacks to cryptocurrency theft, to high-profile data breaches – too often connected to stolen or misused credentials. With the evolution of the cyber threat landscape, c-suite and IT professional decision makers…

Read More